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KLBCTRONTC TOKOS TRAMBTgR TN8TRPMEMTS 

The invention relates to electronic funds transfer 
5 instruments. 

As sesn in Fig. 1, in a typical financial 
transaction 10 a payer 12 transfers funds to a payee 14. 
Individual payers and payees prefer different payment 
aethods at different tines, including cash, checks, 

10 credit cards and debit cards. The transfer of funds 
between the payer 12 and the payee 14 say involve 
intermediate transactions with one or Bore banking 
institutions 16. The banks' functions include collecting 
and holding funds deposited by account holders and 

15 responding to instructions froa the account holders. 
Checks are an exaaple of financial transactions which 
invoke these banking institution functions. 

Pig. 2 shows a paper check transaction 20, in 
which a check 22 is transferred from the payer 12 to the 

20 payee 14. The check 22 is typically found in a checkbook 
24. Each check has several -blank spaces (for the date 
34, the nane of the payee 30, the sub of aoney to be paid 
28, and the signature of the payee 38) to be filled out 
by the payer 12. As each check is written, the payer 12 

25 keeps a record of the check in a check register 26 which 
lists check transactions including the sua to be paid 28, 
the naae of the payee 30, the identification number of 
the check 32, and the date of the transaction 34. 
In the body of the check 22, the payer 12 

30 instructs the payer's bank 36 to pay the stated sua of 
aoney 28 to the payee 14. The check 22 identifies the 
payer's bank 36, the payer's account number 40 (using 
magnetically readable characters) at the payer's bank, 
and the payer 23 (usually by printed naae and address). 

35 After filling in the date 34, the naae of the payee 30 
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and the sum of aonty 28 as ordarsd by ths payss 14, ths 
paysr signs ths check 22. A payss typically considers a 
check authentic and accepts it for payment if it contains 
the signature 38 of the payer, the printed identification 

5 of the payer 23 and the printed nana and logo 42 of the 
payer's bank 36, and does not appsar to be altered. The 
check 22 also contains a routing and transit number 25 
which indicates ths routing of the check to the payer's 
bank 36 for presentment. 

0 After the payer 12 presents the completed check 22 

to the payee 14 in a financial transaction (such as a 
sale of goods or services) , the payee 14 endorses the 
check 22 on the back with the payee's signature 44 and 
deposits the check 22 with the payee's bank 46. If the 

5 check looks authentic, the payee bank 46 provisionally 
credits the payee's account 48 for the amount of money 
designated on the face of the check 28 pending clearance 
through the federal reserve system and acceptance and 
payment by the payer's bank 36. 

0 The payee's bank 46 routes the check 22 to the 

payer's bank, possibly using ths federal reserve bank 
clearing house 50 or other established clearing 
arrangement, which uses the routing and transit number 25 
to deliver it to the payer's bank 36, which then verifies 

5 the authenticity of the check 22 and (at least for some 
checks) the signature 38 of the payer 12. If the check 
22 is authentic and the payer 12 has sufficient funds in 
her account 40 to cover the amount of the check 28, the 
payer's bank 36 debits the payer's account 40 and 

0 transfers funds to the payee's bank 46 for the amount 
designated on the check 28. A complete check transaction 
20 thus includes verification steps performed by the 
payee 14 and the payer's and payee's banks 36 and 46. 

The banks 36 and 46 send bank statements 52 and 54 

5 to ths payer 12 and payee 14, respectively, which reflect 
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the events of the transaction 20 pertinent to aaeh of the 
parties for reconciliation of thair accounts with their 
racords. 

Procasslng a paper check requires time as the 
5 physical check is routed to the payer, the payee, the 
payee's bank, the clearing house and the payer's bank. 
The sane is true of other types of financial transactions 
involving paper instruments, such as credit card slips 
generated during a credit card sale. In a credit card 

10 transaction, a merchant Bakes an impression of the 
customer's card, which the customer than signs, to 
function as a receipt for the transaction. The merchant 
typically obtains a positive acknowledgement or credit 
authorization from the customer's credit card company 

15 before accepting the credit card slip. This assures that 
payment will be received. 

Several mechanisms for using electronic 
communication to substitute for paper flow in financial 
transactions are in use or have been proposed. 

?0 Electronic Check Presentment (ECP) is a standard 

banking channel used to clear checks collected by banks 
prior to or without routing the physical checks. The 
Automated Clearing House (ACH) is an electronic funds 
transfer system used by retail and commercial 

25 organizations. The ACH acts as a normal clearing house, 
receiving a transaction over the network and then 
splitting and routing the debit and credit portions of 
the transaction to the payer's and the payee's banks. 
Electronic Data Interchange (EDI) is a similar electronic 

30 transactional system, primarily used for the interchange 
of business documents such as invoices and contracts. 
With EDI, the funds transfer is frequently transmitted 
over other financial networks, such as through electronic 
funds transfer or ACH. 
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So-called horns banking allows a consumer to uss a 
horns or personal computer to, e.g. , request that the bank 
pay certain bills. 

Electronic funds transfer (EFT), or wire transfer, 
5 is used for direct transfer of funds from a payer to a 
payee, both usually corporations, using a bank's 
centralized computer as an intermediary. The EFT system 
■ay be used in conjunction with the ACH system described 
above. 

10 Automatic teller machines (ATM) and point of sale 

(POS) devices allow an individual to conduct a 
transaction from a location outside the home. ATM's have 
remote computer terminals connected to the user's bank 
which allow access, directly or indirectly through 

15 switching networks, to the user's account in the central 
computer of the bank. Similarly, POS devices are remote 
computer terminals located at a place of business which 
allow access to an individual's account information 
stored in a computer within a network of financial 

20 institutions, to permit transfer of funds from the user's 
account to the merchant's account at another bank. 

Check imaging, another electronic transaction 
procedure, involves the scanning of a paper check by a 
scanner, which digitises the image of the check pixel by 

25 pixel and stores the image electronically in a memory. 
The image may then be transferred electronically to 
substitute for or precede the physical delivery of the 
check, e.g., to truncate the clearing process. The image 
of the check may be recreated on a computer monitor or on 

30 paper for verification by the appropriate banking 
institutions. 

Several systems are currently used to secure 
electronic financial transactions. For example, IC chip 
cards, or smart cards, are small devices (containing 

35 chips with memories) which are capable of exchanging data 
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with a computer or a terminal and of performing simple 
data processing functions, and are thus mora versatile 
than a simple credit card. The smart card is portable 
and may be easily used in POS and ATM environments. 

5 

In general, in one aspect, the invention features 
a computer-based method in which an electronic instrument 
is created for effecting a transfer of funds from an 
account of a payer in a funds-holding institution to a 
10 payee, the instrument including an electronic signature 
of the payer. A digital representation of a verifiable 
certificate by the institution of the authenticity of the 
account, the payer, and the public key of the payer is 
appended to the instrument. This enables a party 
15 receiving the instrument, e.g., the payee or a bank, to 
verify the payer's signature on the instrument. 

Implementations of the invention may also include 
one or more of the following features. The electronic 
instrument may include digital representations of (a) 
20 payment instructions, (b) the identity of the payer, (c) 
the identity of the payee, and (d) the identity of the 
funds-holding institution. Digital representations of a 
verifiable signature of the payer may also be appended to 
the electronic instrument. The electronic instrument may 
25 be delivered electronically to the institution at least 
in part via a publicly accessible data communication 
medium. At the institution, the signature of the payer 
and the certificate may be verified in connection with 
transmitting funds to the payee. An account number may 
30 be included in the electronic instrument. The account 
may be a deposit account or a credit account. The 
instrument may be an electronic substitute for a check, a 
traveler's check, a certified check, a cashier's check, 
or a credit card charge slip. The publicly accessible 
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data communication medium nay be unsacurad. Tha 

institution may ba a bank. 

Also appandad to tha instrument nay ba digital 

raprasantations of a varifiabla signs tura of tha payaa, a 
5 varifiabla eartif ioata by an institution which holds an 

account of tha payaa, and a varifiabla certificate by a 

central banking authority with respect to the institution 

which holds the payee's account. 

Delivery of the instrument may ba in part via a 
10 private controlled secure communication medium and in 

part via a publicly accessible data communication medium. 

The electronic instrument may be delivered from an 

institution which holds an account of the payee to the 

funds-holding institution via an electronic clearing 
15 house. 

At the payee, the signature of the payer and the 
certificate of the institution may be verified. At the 
institution holding an account of the payee, the 
signature of the payer and the certificate of the funds- 

20 holding institution may be verified. 

The signatures may be generated by public key 
cryptography. The appending step may be done by a 
separate signature device from the device which performs 
the creation of the electronic instrument. 

25 Digital representations of a proposed transaction 

and a verifiable signature of the payee may be delivered 
from the payee to the payer at least in part via the 
publicly accessible communication network. 

Information may be automatically transferred from 

30 the electronic instrument to a computer-based accounting 
system that tracks accounts receivable or processes 
orders. A log of electronic instruments may be created. 

In general, in another aspect, the invention 
features apparatus including a portable token having a 

35 memory, a processor, and a port for communication with a 
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computer. The memory contains a privata ancryption key 
aasociatad with an account in a funds-holding institution 
and which is usabla to appand a sacura, varifiabla 
signatura to an alactronic payment instrument drafted on 
5 the account. 

Implementations of tha invention may include one 
or aore of tha following features. Tha maaory aay 
contain certification information provided by the 
institution and which is usable to append secure, 
10 verifiable certificates to electronic payment instruments 
to certify a relationship between an owner of the 
signature and a public key of the owner. A unique 
identifier aay be assigned to each electronic payment 
instrument . The portable token aay be a PCMCIA 
15 compatible card, smart card or saart disk, which aay 
internally hold a private signature key and a secure 
memory for the check serial number. The certification 
information aay be given a limited useful life. The 
memory aay also contain certification information 
20 provided by a central banking authority and which is 
usable to append secure, verifiable certificates to 
electronic payment instruments to certify the 
authenticity of the funds-holding institution. The 
certification information provided by the central banking 
25 authority aay have a limited useful life. The central 
banking authority aay be a United States Federal Reserve 
Bank. The memory aay also contain a complete or partial 
register of electronic payment instruments, or a subset 
of the information contained in the instruments, to which 
30 signatures have been appended. The appended signature 
may be a signature of a payer who holds the account in 
the institution, or an endorsement signature of a payee. 
The memory aay also contain a personal identification 
number for controlling access to the memory. 
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In general, in another aspect, the invention 
features a computer-based method of creating an 
electronic payment instrument. Digital payment data is 
formed which represents the identity of the payer, the 
5 identity of the payee, and the amount to be paid. Then, 
in a secure hardware token, a digital signature is 
appended to the data. 

In general, in another aspect, the invention 
features a computer-based method of endorsing a payment 

10 instrument by entering information included in the 

payment instrument in digital form into a secure hardware 
token and, in the token, appending a digital signature to 
the digital information. 

In general, in another aspect, the invention 

15 features a computer-based method for regulating the use 
of account numbers with respect to accounts in a funds- 
holding institution. Digital account numbers are 
assigned for use by account holders in creating 
electronic instruments, the digital account numbers being 

20 distinct from non-electronic account numbers used by 
account holders with respect to non-electronic 
instruments. At the fund-holding institution, electronic 
instruments are then accepted from account holders only 
if the electronic instruments include one of the digital 

25 account numbers. In implementations of this feature, 
each digital account number may be linked with a non- 
electronic account number, and the two numbers may be 
linked with a common account in the institution, so that 
electronic instruments and non-electronic instruments may 

30 be drawn against the same account. 

In general, in another aspect, the invention 
features a computer-based method of attaching a document 
to a related electronic payment instrument by forming a 
cryptographic hash of the document, and appending the 

35 hash to the electronic payment instrument. 
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Zn general , in another aspect, the invention 
features a computer-based method -for reducing- fraud with 
respect to deposit of an electronic instrument with a 
funds-holding institution. A key-encrypted signature of 
5 the payee, a public key of the payee, a routing code of 
the institution, and a number of the payee's account in 
the institution are included with the instrument, and, at 
the institution, there is automatic checking of the 
routing code and the account number before accepting the 
electronic instrument. 

In general, in another aspect, the invention 
features a computer-based method for reducing fraud 
associated with an electronic payment instrument. A 
cryptographic signature associated with a party to the 
instrument is appended to the instrument. Upon receipt 
of an electronic payment instrument, there is automatic 
checking of the cryptographic signature against 
cryptographic signature information of other electronic 
payment instruments previously received. 

Advantages of the invention may include one or 
more of the following. 

The invention provides an all-electronic payments 
and deposit gathering instrument that can be initiated 
from a variety of devices, such as a personal computer, 
screenphone, ATM or payments accounting system. 
Financial accounts may be rapidly and securely settled 
between trading partners over open public or proprietary 
networks, without requiring pre-arrangement, by inter- 
connection with the existing bank clearing and settlement 
systems infrastructure. The integration of controlled 
existing banking communication systems with rapidly grow- 
ing public networks in a secure fashion will allow for 
implementation and acceptance by banking institutions, 
industry, and consumers. 
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The invention addresses the problem of gathering 
deposits electronically over public -networks, since it 
anablas all customers, ratail and commercial, to gather, 
transmit and daposit, a.g. , checks, into thair accounts 
5 without physically going to a bank branch. Tha invention 
provides an electronic payment alternative for trading 
using public data networks to conduct transactions. 

Tha invention to a degree electronically mimics 
heavily-used and well-understood existing paper check 

10 processes to enable it to be readily accepted by the 
marketplace. By retaining the basic characteristics and 
flexibility of, e.g., the paper check, the invention may 
be adopted more rapidly. Due to its similarity to, e.g., 
paper checks, the invention can be uaad within the 

15 structure of existing lawa, regulations, and standard 
business practices. 

A variety of types of payment instruments may be 
implemented, e.g., certified checks, cashiers checks and 
credit card charge slips, and additional capabilities may 

20 be provided, e.g., future dating, limit checks, and 
multi-currency payments. 

The invention may be used in all market segments, 
from individual consumers to large corporations. It will 
enable businesses to safely and cheaply complete payments 

25 over public networks. Because the contents of the 
payment instrument may be attached to the trading 
partner's remittance information, the instrument will 
easily integrate with existing or new applications, such 
as accounts receivable systems. 

30 The security of the payment instruments enables 

open public networks to be linked to the financial 
payments and bank clearing networks in a secure fashion. 
The use of digital signatures, hardware based signing, 
and banks as certification agents, make the instruments 

35 trusted and secure. They are tamper-resistant due to the 
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use of cryptographic signatures. This will provide 
greater security and reduced fraud losses for all parties 
in the payments process by eliminating most of the comaon 
causes of bad paper checks. To provide confidentiality , 
5 the instruments nay also be encrypted when sent over 
public networks. 

The use of public-key certificates enables easy 
electronic authentication by a payee, and the payee's and 
payer's banks. Digital signatures can be validated 

1 0 automat ica 1 ly . 

Since the system can be fully automated, and new 
processing can be done outside of existing applications, 
such as a standard Demand Deposit Account (DDA) , the cost 
of processing an electronic instrument will be quite low, 

15 and the costs of implementation minimized. To further 
minimize implementation costs, the electronic instruments 
may be integrated with the existing bank infrastructure, 
including some of the mechanisms currently used for 
interbank clearing of checks and electronic payments, 

20 such as bilateral arrangements, ACH and EGP. 

Payers of all sizes gain substantial benefits. 
The use of electronic checks will be more cost effective 
than existing paper checks due to volume efficiencies and 
the automatic processing capabilities of computers. The 

25 use of electronic mail or electronic transmission is less 
costly than physically transporting paper. In addition 
to the significantly reduced costs of creating and 
mailing a payment (no check stock, envelopes, stamps, or 
incremental labor) , the payer gains the ability to con- 

30 trol the timing of payments, both through future dating 
of payments and through the increased reliability and 
delivery speeds of electronic mail. 

The invention addresses the problem of fraud and 
supports prudent fraud management through integrated 

35 fraud prevention measures and distributed liability for 



WO 96/31965 PCT/US96/04771 



- 12 - 

fraud. These mechanisms will reduce most of the currant 
causae of fraud, including forgary, alteration, 
duplication, and fraudulent depositing. Zn addition, 
because the electronic check implementation follows the 
5 check payment model, the potential liability of the banks 
for fraudulent transactions will be limited while 
equitably sharing the responsibilities for the integrity 
of the systen among payer, payee, and banks. 

An electronic check may be issued from personal 

10 financial software and other computing applications, 
through the use of an open programmatic tool set and 
application programming interfaces. Electronic 
instruments capability can be directly integrated into a 
payer's application, and does not require that a payer 

15 "go off-line" to complete a transaction. This benefit 
will be available to both consumers, through integration 
with packages such as Intuit' s Quicken", and businesses 
through integration with existing accounting systems. 

Other advantages and features of the invention 

20 will become apparent from the following description and 
from the claims. 



Daaerlption 
Figure 1 is a block diagram of a financial 
transaction. 

25 Figure 2 is a flow diagram of the steps of a check 

transaction. 

Figure 3 is a flow diagram of the steps of an 
electronic instrument transaction. 

Figure 4 is a block diagram of a workstation. 
30 Figure 5 is a format of an electronic check 

template example for use with the World Wide Neb. 

Figure 6 is a format of an electronic check and 
deposit endorsement instrument. 
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Figure 7 is a block format of a portion of an 
electronic check. 

Figure 8 is a format of a digital cryptographic 
signature based on DDS. 
5 Figure 9 is a block diagram of an electronic 

checkbook card. 

Figure 10 is a block diagraa of the interaction 
between a screenphone and a server. 

Figure 11 is a block diagraa of a certified check 
10 transaction. 

Figure 12 is a block diagraa of a noraal 
transaction flow. 

Figure 13 is a block diagraa of a cash and 
transfer transaction flow. 
15 Figure 14 is a block diagraa of a "lockbox" 

transaction flow. 

Figure 15 is a block diagraa of a funds transfer 
transaction flow. 

Figure 16 is a block diagraa of an electronic 
20 checkbook application interface. 

Figure 17 is a block diagraa of electronic check 
API's, aodules and protocols. 

At first we describe an iapleaentation of the 
invention called an electronic check. 
25 The electronic check is an electronic financial 

instrument which in some respects mimics the paper check. 
It is initiated and routed electronically, uses digital 
signatures for signing and endorsing, and relies on 
digital cryptographic certificates to authenticate the 
30 payer and payee and their respective banks and bank 
accounts and to provide a degree of security to all 
parties to the transaction. 

As seen in Fig. 3, the use of electronic checks 
aay take advantage of the interaction between publicly 
35 available, relatively unsecure electronic networks 65, 
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such as the dial-up, Internet, wireless, or e-mail 
networks, and established, relatively secure non-public 
financial networks and systems 80. Public networks and 
banking networks are distinct entities in terms of the 
5 security of information during transmission over the two 
types of networks. Existing communications approaches in 
the banking system are secure and well disciplined. 
Public electronic networks are unsecured and to some 
degree less disciplined. The cryptographically sealed 

10 and authenticated electronic check passing across gateway 
60 is the link between the public networks and secured 
financial networks. The gateway filters undesired 
traffic through and helps to prevent corruption of the 
secure financial networks resulting from intentional or 

15 unintentional access by persons operating in the public 
networks. 

As seen in Fig. 3, in a broad sense, a transaction 
is initiated when a payer 12, e.g., a consumer, 
electronically receives a memorandum of a proposed 

20 transaction 66, such as a bill, invoice or order form, 
from a payee 14, e.g. a merchant. Alternatively, a 
transaction may be initiated by the payer 12 only. The 
memorandum 66 may contain the payee's digital signature, 
which may be generated by the payee's secure 

25 authenticates 68 using public key cryptography. The 
payer 12 validates the payee's signature by using the 
payer's public key to verify the payee's digital 
signature and thus authenticates the payee 14. To 
proceed with the transaction, the payer 12 electronically 

30 creates a financial instrument 74, e.g. an electronic 
check (e.g. , on a personal computer) , payable to the 
order of the payee 14, and signs and records it using the 
payer's secure authenticates 70. In effect, the secure 
authenticator 70 enables the payer 12 to digitally sign 

35 the instrument 74 with a private signature key and enter 
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the transaction in a secure log, such as an alactronic 
checkbook 71. A racord of tha transaction may also be 
kapt in tha payee's accounting system 72. Tha 
authanticator also appands to tha check cryptographically 
5 signad cartificatas of, a.g. , tha payor's bank and tha 
federal reserve bank authenticating the payer's account 
and tha payer's bank, respectively. The payer 12 then 
electronically sands tha instrument 74 and tha memorandum 
66 via a public network 65 to the payee 14. 

10 upon receipt of the instrument 74 from the payer 

12, the payee 14 validates the payee's digital signature 
using public key cryptography. The payee 14 verifies the 
payer's bank 82 and the payer's account with tha 
certificates. The payee 14 also verifies that the 

15 instrument 74 is not a recent duplicate, and holds it in 
.storage until the date specified by the payer 12, if 
necessary. The payee 14 endorses the instrument 74 with 
the payee's digital signature using its authanticator 68. 
In effect, this enables the payee 14 digitally to sign 

20 the instrument 74 with a private signature key and enters 
the transaction in a secure log, such as an electronic 
checkbook 69. The authanticator also appands to the 
check cryptographically signed certificates of, e.g., the 
payee's bank and the federal reserve bank authenticating 

25 the payee's account and the payee's bank, respectively. 
The payee 14 detaches the memorandum 66 and forwards the 
memorandum and appropriate payment information from the 
electronic check to the payee's accounts receivable 
system 76. Finally, tha payee 14 electronically 

30 deposits, typically via a public network, the instrument 
74 with the banking institution which maintains the 
payee's account 78. 

The payee's bank 78 receives the endorsed 
instrument 74 deposited by the payee 14, validates both 

35 the payee's digital signature of endorsement and the 
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payer's original digital signature using public key 
cryptography, verifies that tha instrument 74 is not a 
recent duplicate and that the date of the instrument 74 
is valid and checks the certificates. The payee's bank 
5 78 then credits the sua of money specified in the 
instrument 74 to the payee's account and clears the 
instrument 74 with the payer's bank 82 via existing 
electronic settlement procedures, e.g., bilateral 
arrangement, ECP, ACH, ATM, EFT, or check imaging. The 

10 settlement procedures are carried out over a network 80 
connecting the computers of a large number of banking 
institutions, the network 80 itself indirectly connected 
with the public network 65. 

After clearance of the instrument, the payer's 

15 banking institution 82 receives the processed instrument 
74. The payer's bank 82 validates both the payer's and 
the payee's signatures using public key cryptography. 
The payer's bank 82 also verifies that the instrument 74 
is not a duplicate and that the date of the instrument 74 

20 is valid, and checks the certificates. If there are 
sufficient funds to cover the face value of the 
instrument 74 in the payer's account, the payer's bank 82 
debits the payer's account, treating the item as a normal 
DDA transaction, and electronically sends payment to the 

25 payee's bank 78 over the financial network 80 to settle 
the payment. The instrument 74 is archived for permanent 
storage and retrieval 83 at the payer's bank or 
elsewhere. 

After the transaction has been completed, the 
30 payer's bank 82 issues a DDA statement 84 to the payer 12 
reflecting the debit to the payer's account, and the 
payee's bank 78 issues a statement, report or accounts 
receivable update 86 to the payee 14 reflecting the 
credit to the payee's account. Supplementary information 
35 related to the transaction in the instrument 74, such as 
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the payer's and payee's nanas or memo lines, can ba 
included in the statement 84 or the report 86. Tha 
information contained in tha statement 84 and tha raport 
86 aay ba automatically compared with tha payer's 
5 accounting system 72 and tha payee's accounts receivable 
aystam 74, respectively, to verify that tha transaction 
was carried out properly. 

As seen in Fig. 4, a financial instrument such as 
an electronic check may be created or verified and 
10 endoraed at a computer terminal or workstation, such as 
the payer's workstation 90 or the payee's workstation 92. 
Both workstations have the same general format. Each has 
a CPU with disk storage and memory and a keyboard, mouse 
and display for interaction with tha user. Modems 91 and 

93 (or other network connections) are attached to the 
workstations 90 and 92 permit information, including tha 
electronic check, to be paasad electronically to other 
parties to the transaction via one of the electronic 
networks. Each workstation 90 and 92 also haa a PCMCIA 
port 98 and 100, into which a signature card, such as a 
PCMCIA card 94 or 96, may be' inserted. The PCMCIA card 

94 or 96 ia an electronic device that acts as the user's 
digital signature card, provides a secure means for 
generating a signature with a private signature key, and 
acta aa an electronic checkbook. Alternatively, the 
electronic checkbook with its register may ba a separate 
card from tha digital signature card. 

Each workstation 90 and 92 contains a software 
package 102 or 104 to be run by the CPU. Besides the 
usual operating system, the software package contains 
programs for handling electronic checks. The payer's 
workstation 90 has manipulations of the electronic 
checkbook as one of its software applications, including 
invoking tha signature function of the PCMCIA card 94 to 
attach the payer's signature to an electronic check. The 
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electronic checkbook application prepares an electronic 
check to be sent to the payee 14 upon the input of the 
necessary information by the payer 12 and records the 
transaction in a secure electronic register 95. The 
5 payer's workstation 90 also has finance software for 
keeping track of the payer's transactions and 
communications software for sending the electronic check 
and other information electronically over one of the 
networks from its modem 91 to another party's modem. 

10 The payee's workstation 92 similarly has finance 

and communications software applications. However, the 
payee's workstation 92 has software for preparing an 
order or invoice to be sent to the payer 12. It also 
contains software for invoking the signature function of 

15 the PCMCIA signature card 96 to attach the payee's 

signature to an electronic check as an endorsement before 
the payee 14 sends the electronic check to the payee's 
bank for deposit. 

The format of an electronic check is similar to 

20 the format of a conventional paper check. The electronic 
check is a standardised text block consisting of the 
check body, one or more signatures and one or more 
endorsements and certificates. It is formatted as a 
series of 7 bit ASCII text lines using a restricted 

25 character set in order to be compatible with a wide 
variety of electronic mail systems, including those 
implementing the Internet Simple Mail Transfer Protocol. 
The format of the electronic check is based on tagged 
value pairs. Each information line is composed of a 

30 label name and a value, e.g., amount-$l9.95. 

An electronic check is typically created with a 
template document, as seen in Pig. 5. The top portion 
106 of the template 105 is contains the payee's 
remittance information. The bottom portion 107 of the 

35 template contains field that the payer completes to 
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prepare the electronic check. The template may be sent 
by •-sail from the payee to the payer, in which case the 
payer can use an editor or word processor to enter order 
and remittance information. The check body can also be 
5 pre-formatted by the payee with the amount, "pay to the 
order of", and payer's public key lines already 
completed, allowing the payer to enter minimal 
information into the body of the electronic check before 
signing it. Alternatively, the payer can use a general 
10 template and an editor, word processor or other 
application, such as Quicken, to create a properly 
formatted electronic check. 

Once the template is filled in by the payer, the 
electronic check is signed by passing it through the 
15 payer's electronic checkbook. The electronic checkbook 
is contained within a PCMCIA card containing the payer's 
private signature key and certificates from the bank and 
the federal reserve. The certificates are 
cryptographically signed letters of reference attesting 
20 to the validity of the payer's account and the payer's 
authority to write checks against the account, and the 
bank, respectively. 

For example, in Pig. 6, electronic check 110 
contains an identification number for the electronic 
25 check 112, the date that the electronic check was created 
114, an order to the bank to pay a certain sum of money 
116, the name of the payee 118, the payee's public key 
119, the sum of money to be paid 120, the payer's account 
number 122, the name, address and telephone number of the 
30 payer 124, and the payer's signature 126 in digital 

format verifiable using the payer's public signature key 
134. An additional feature of an electronic check 
delivered over a public network is the payer's network 
address 128, e.g. an Internet address, to permit the 
35 payee to acknowledge receipt of the electronic check. 
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The electronic check also may contain a memo lina 130 for 
storing information personal to tha payar and a sacura 
hash algorithm (SHA) 132 rasulting from a calculation 
over an associated document, to attach sacuraly items 
5 such as an invoice received from the payee. 

The standardized format of an electronic check 
makes it a flexible instrument, permitting multiple 
signatures, annotations and transformation into other 
document types. The standardized electronic check is 

10 also usable over different transportation means, such as 
the Internet and e-mail. In particular, the transport 
protocols include FTP, STTP and HTTP for tha Internet. 
The format of the electronic check is independent of the 
transport protocol. 

15 Further, the format of an electronic check is 

modular, in that several information lines can be grouped 
as a block, as seen in Fig. 7. Any number of information 
lines 3 grouped between begin and end lines 4 and 5 is a 
block 6. Bach block has an identifying name which is 

20 used to reference it, and blocks can be combined to form 
other more complicated documents with a meta line 7. The 
modularity of electronic checks also allows for 
independent signature of any block by any entity and for 
use of the system for other financial instruments, such 

25 as letters of credit and loan documents. 

The security and authentication aspects of 
electronic checks are supported by digital signatures 
using public key cryptography. Public key cryptography 
uses very large numbers and complex mathematical 

30 calculations to protect the integrity and secrecy of an 
encoded electronic transmission. As seen in Fig. 8, a 
digital cryptographic signature 101 is a long number or 
numbers (here expressed in hexadecimal notation) 102 
which are produced by the signer's use of his private 

35 signature key and the message to be signed as inputs to 
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the public key signature Algorithm. The signature may 
also be accompanied by a date and time stamp 103 . The 
cryptographic infrastructure is used to authenticate the 
payer and account, electronic check document and issuing 
5 bank, and to securely seal the electronic check, 
permitting the use of public networks for sending the 
electronic check. Most importantly, digital signatures 
may be used to verify a document after issuance. 

A public key, applied to verify a cryptographic 
10 digital signature, is always generated in conjunction 
with the private key which is used to create the 
signature. The payer's digital signature 126, the 
payer's public verification key 134, and the message 
which was signed are used as inputs to the public key 
15 signature verification algorithm, which produces a true 
or false value. Public key cryptographic signatures are 
useful because the signature of a signer, computed using 
the signer's private key, can be verified by anyone else 
who knows the signer's public key. Since the signer 
20 computes his signature on a document using his private 
key, and since the verifier Verifies the signer's 
signature using the signer's public key, there must be a 
way for the verifier to trust the association between the 
signer (and his account information) and the public key 
25 used to verify the signer's signature on the electronic 
check. Cryptographic signatures are used to sign checks 
when they are written, co-signed, endorsed and processed. 
Cryptographic signatures are also used by certification 
authorities to sign certificates or "letters of 
30 reference" that contain a name or description of a signer 
and the signer's public key. Thus, anyone who trusts the 
certification authority and who knows the certification 
authority's widely publicised signature verification key 
can verify the certificate and trust the signer's public 
35 key for use in verifying the signer's signature. 
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A party signing an electronic check is tha only 
entity in possession of its private signature key. The 
private signature key need never be exposed to a third 
party, Baking it difficult to forge. The private 
5 signature key generates a cryptographic signature in a 
secret code, which is unique and is identified only with 
the signer. Signature cards always keep the private key 
internal to the processor and memory on the card. The 
document to be signed is sent into the signature card, 

10 and the signature card uses the private key to compute 
the signature. The private key is never accessible via 
the card's connector. 

The public signature key must be used in 
conjunction with a cryptographic signature verification 

15 algorithm upon receipt of the signer's signature to 

verify the signature. The public signature key is known 
and used by others, who obtain the public keys prior to 
or during a transaction. The use of public key 
cryptography allows the public keys to be used and stored 

20 independently of the private keys. However, the public 
and private keys are mathematically linked, since they 
are generated as a pair. 

Tamper-resistant signature cards or other hardware 
devices are useful to compute the cryptographic digital 

25 signatures without the possibility of disclosing the 
signer's private signature key. Tamper-proofing of an 
electronic check and associated information is achieved 
using digital signatures and a secure hash algorithm. 
Signature cards, or special cryptographic processors, can 

30 be used to better secure the private keys and greatly 
reduce the need for diligence and skill on the part of 
the account holders to secure their keys, especially 
against attacks through network connections by computer 
hackers. Further, the signature card may keep a non- 
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erasable log of documents signed , so that the holder can 
review whether all uses of the card have been legitimate. 

One difference between an electronic check and a 
paper check is the presence of authenticating 
5 certificates, in particular an account certificate 136 
and a bank certificate 138. The payer can expedite the 
establishment of trust anong the parties to the 
transaction by enclosing with the signed check a "letter 
of reference" or cryptographic certificate 136 regarding 
the payer's account , stating the payer's name, address 
and telephone number 124 and Internet address 128, 
account number 122, and public signature verification key 
134, signed by the bank holding the payer's account with 
its digital signature private key 140. Similarly, a 
second letter of reference or certificate 138 regarding 
the payer's bank states the payer's bank's name 142, 
address 144, electronic network routing code 146 and 
public signature verification key 148, signed by a 
central body such as the federal reserve with its digital 
signature private key 150. Therefore, anyone knowing the 
federal reserve's public signature verification key 152 
can sequentially verify the bank's certificate 138, the 
account certificate 136, and then the payer's signature 
126 on the electronic check. 

The certificates are the electronic check 
mechanism for providing a trusted identification between 
trading partners. The trust mechanism currently used is 
pro -arrangement of the transaction, so that the receiving 
party is assured of the secure transmission of the 
transaction. The structure of the electronic check 
system with certificates enables banks or their agents, 
in the role of trusted parties, to provide certificates 
that validate the identity and authenticity of the 
electronic check issuer. Trading partners will be able 
to validate these certificates, if desired, on-line, and 
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conduct business without pre-arrangeaent, but with the 
assurance that the other party to tha transaction i» 
authantic. 

Tha usa of cartif icatas in tha alactronic check 
5 system permits validation at any point, by anyona, in the 
paynant cycle. Electronic checks and electronic 
checkbooks can be authenticated by the use of public key 
certificates at any point in the settlement cycle by the 
payee or the bank. Further, deposit slips and 

10 endorsements by the payee aay be cryptogxaphically linked 
to an electronic check as it is processed, resulting in 
an electronic document suitable for archiving and usa as 
evidence of payment. 

In order for payers to determine the public 

15 signature keys of payees, and thereby help to ensure that 
their checks are paid to the correct person, it may 
useful to publish the public signature keys in a public 
directory. Alternatively, the payee can furnish his 
public signature key and certificates with the order 

20 blank, invoice or remittance information. In this case, 
the payer may consult the -certificate revocation list 
(CRL) portion of the directory service to determine 
whether the certificate and account are still valid. 
Similarly, the payee may consult the CRL to determine the 

25 status of tha payer's account prior to endorsing and 
depositing the electronic check. 

An electronic check may be delivered by hand, 
direct transmission or public electronic mail systems. 
An electronic check may be printed out at the bank of 

30 first deposit and passed through the system as a paper 
check. The signatures and certificates are also produced 
with OCR and scanned by the issuing bank. Electronic 
checks transmitted via electronic mail may be accessed at 
personal computers with industry-standard protocols or 

35 Application Programming Interfaces (API's) , such as VIM 
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or MAPI, or they may be embedded within dedicated 
application protocols such as the HTTP server protocol 
ussd by Zntsrnst World Wids Web servers. In either case, 
the format of the electronic check is independent of the 
5 underlying transmission protocol. Further, disclosure of 
the electronic check instrument during transmission will 
not enable fraudulent presentation by others. Thus, the 
payee need not acknowledge receipt of the electronic 
check. However, the payer's e-mail address is included 
10 to permit acknowledgement. Systems providing certified 
electronic mail may be used to provide a guarantee of 
delivery. 

Upon receipt of the signed electronic check and 
associated order, invoice or remittance information, the 

15 payee processes the payer's order, extracts the 

electronic check and endorses the electronic check. The 
endorsement is done by the payee's electronic checkbook, 
which signs the check, adds its own endorsement 
information and appends the payee's certificate 

20 information. The payee's PCMCIA card also automatically 
assigns sequential transaction numbers to endorsements to 
ensure that each endorsement is unique. This number 
should be included in the deposit and clearing 
information, so that the payee can reconcile checks 

25 mailed to the payer's bank for cashing with the deposits 
recorded in his bank statement. 

Upon endorsing the electronic check, the payee 
creates a deposit instrument 160 which is attached to the 
electronic check 110, as shown in Pig. 6. The deposit 

30 instrument 160 may contain some of the same information 
as in the endorsement, such as the payee's account 
number. The deposit instrument 160 contains an 
identification number 162, the date 164, and the sum of 
money to be deposited 166. It also contains the payee's 

35 account number 168, the name, address and telephone 



WO 96/31963 



PCIYUS96/04771 



- 26 - 

number of the payee 170, the payee's Internet address 174 
and the payee's aignatura 175 in digital format raadabla 
using the payee's public aignatura key 172. The deposit 
instrument 160 alao may contain a memo line 180. 
5 The deposit instrument may alao contain an account 

certificate 190 and a bank certificate 192. The account 
certificate 190 states the payee 'a name, address and 
telephone number 170 and Internet address 174, account 
number 168, and public signature verification key 172, 

10 signed by the bank holding the payee's account with its 
digital signature 176. Similarly, the bank certificate 
192 regarding the payee's bank states the payee bank's 
name 178, address 182, electronic network routing code 
184 and public signature verification key 186, signed by 

15 a central body such as the federal reserve with its 
digital aignatura 188. Anyone knowing the federal 
reserve's public signature verification key 152 can 
sequentially verify the bank certificate 192, the account 
certificate 190, and then the payee' a aignatura 175 on 

20 the electronic check. 

The endorsement function of the electronic 
checkbook need not be as secure aa in the case of 
originally signing an electronic check. However, a 
heightened level of security is needed if the same 

25 aignatura card is used by the payee for both check 
writing and endorsement. 

The endorsed check is then forwarded to the 
payee 'a bank to be deposited or cashed, with the proceeds 
to be deposited to the payee's account. Payments or 

30 deposits consisting of electronic checks are gathered by 
banks via e-mail or other protocols and cleared through 
standard banking channels, such as bilateral agreement, 
ACH or ECP, automatically following the bank routing code 
146. 
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Upon receipt of the endorsed check after 
clearance, the payer's bank verifies that the check was 
properly endorsed using the payee's public signature key. 
It also verifies the payer's signature, and optionally 
5 the account and bank certificates. The amount of the 
check is debited from the payer's account, assuming 
available funds, and then stored for archival purposes. 
Finally, an ACT credit transaction is originated to 
settle with the payee bank (or multiple transactions with 

10 the payee bank may be settled in an accumulated group) , 
which credits the proceeds of the cashed check to the 
payee's account at the payee's bank. If the size of the 
check so warrants, the payee's account may be credited by 
Fed Wire or other expedited processing. For example, the 

15 payer's bank may e-mail notification to the payee's bank 
for crediting prior to receipt of actual funds by other 
means. 

The payer's bank will return the endorsed 
electronic check to the payee if it cannot be cashed, 

20 e.g. due to insufficient funds, or if the deposit 

transaction fails, e.g. the payee's account is closed. 
For example, if the deposit transaction fails, the 
payer's account may credited with the amount of the 
returned check in some flows. 

25 The payer's and payee's banks provide statements 

or reports to the payer and the payee, respectively, 
regarding their electronic check transactions. These 
statements may be generated electronically or on paper. 
The payer's bank may include a copy of the electronic 

30 check with the payer's statement. The payee's bank may 
identify the payee's deposit transaction on the payee's 
statement, including the deposit number, so that the 
payee can reconcile an electronic check sent 
electronically to the bank for cashing with the 

35 transactions actually credited to the payee's account. 
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The primary security •lament of electronic checks 

-is the-use of an electronic checkbook in_the form of a 

PCMCIA card, which generates an electronic check and 
stores a record of it in a secure check register. 
5 Possibly suitable PCMCIA cards are Tessera, National 
Semiconductor's iPower and the Telequip CryptaPlus card. 
Alternatively, the electronic checkbook may be 
implemented in an ISO format IC chip smart card or smart 
disk (perhaps without the check register due to memory 

10 limitations) , or it may be implemented in cryptographic 
hardware processors for use by systems that process large 
volumes of checks or maintain a number of electronic 
checkbooks. The PCMCIA card is ideal for a transaction 
between two personal computers, but the smaller and more 

15 portable smart card is better suited to a POS transaction 
at a merchant's premises (if the appropriate smart card 
reader is implemented) . 

A PCMCIA card is an electronic device that 
provides greater security for a financial transaction. A 

20 PCMCIA card, or in the case of mainframe accounting 
systems, a secure black box, e.g. a Racal's Guar data, 
protects transactional systems from unauthorised access. 
The PCMCIA card is a separate, narrowly defined, secure 
electronic environment used in conjunction with a 

25 terminal such as a personal computer. Information passes 
back and forth between the PCMCIA card and the terminal 
or workstation. 

The tamper-resistant PCMCIA card contains a 
mechanism to generate or store unique check identifiers 

30 and calculates and verifies digital signatures and 

certificates using public key cryptography. The PCMCIA 
card securely stores the user's private cryptographic 
key, which is used to digitally sign electronic checks 
when they are written and endorsed. The PCMCIA card is 

35 preferably initialised by deriving its own random private 
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key using an internal hardware random number ganarator. 
Cartifioataa ara previdad and backed by a Certificate 
Issuing System (CIS) . 

Tba PCMCIA card is also protactad by providing for 
5 antry of a paraonal idantif ioation number (PIN) . The PIN 
and privata signatura kay must ba stored in ths 
electronic checkbook in such a way that thay cannot ba 
raad out through the alaetronic interface of the 
electronic checkbook. Sons mechanical action Bay be 

10 required of the payer for each new check, either 
reinsertion of the PCMCIA card into its port on the 
payer's workstation or activation by a push button on the 
card itself, to guard against fraudulent use of the card 
once it is attached to the payer's computer. 

15 Additionally, a tine-out mechanism aay ba used. The 
PCMCIA card also maintains a register of checks signed 
and issued. The electronic check register should be kept 
in the PCMCIA card for security reasons, and it should be 
raad only froa the PCMCIA's interface. The register aay 

20 be read, but not overwritten. 

As seen in Pig. 9, a* PCMCIA card 200 aust contain 
at least the PCMCIA card serial nuabar 202, the PIN 204, 
the cryptographic function 199, the signer's private 
signature key 206, and check and endorseaent logs 224 and 

25 226 in a register 222. The public keys for the federal 
reserve 220, the account certificate 208 and the bank 
certificate 210 aay be kept on the PCMCIA card, but 
storing thea in the workstation peraits verification 
using the federal reserve's public key in the case of 

30 suspected alteration of the certificates. The electronic 
checkbook should be accessed using a standard API 228. 
The input and output of the electronic checkbook should 
be compatible with aail user agents, file editors and 
other software for general uses, as well as specialized 
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financial applications, on a variety of platform* 
including personal eoaputars and workstations. 

Ths alsctronic checkbook contains a register 222 
that functions Ilka a convantional checkbook register, 
5 but without account balances. When an electronic check 
is created, the electronic check number, date, amount, 
payee, signature and hash are recorded in a check log 
224. For each deposit made into the electronic check 
account endorsed by the electronic checkbook, the deposit 

10 number, date and amount are stored in an endorsement log 
226. If the electronic checkbook has the capability, 
there may also be entries for bank fees and interest 
earned on the account. Integrating the electronic 
checkbook with other software applications would allow 

15 the electronic check account to be automatically 

balanced. Since the register may only have a limited 
memory space, the oldest transactional items are removed 
automatically when the memory has been exhausted. 
The PCMCIA card 200 acts as an electronic 

20 checkbook in conjunction with various application 
functions 221. For example, an interface with the 
Internet is set up in a World Wide Web browser and 
server. There is also a form generator for electronic 
checks and other forms. In particular, a merchant will 

25 have applications such as a sales catalog, accounts 
receivable and order processing. There are also 
communications and other personal finance application 
functions. The output 223 of the PCMCIA card is an 
electronic check, either signed by the payer or endorsed 

30 by the payee. A QIF formatted file or an applications 
interface file are generated in software outside the 
electronic checkbook. 

The electronic checkbook 200 should also be 
compatible with a screen-based telephone 250 connected to 

35 a dial-up server 252, as seen in Fig. 10. In this ease, 
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most of the contents of the electronic chock would bo 
assembled by the screenphone 250 and the server 252 using 
information storod by oaoh. Tho variable information, 
such as tho payoo and amount, would bo aont from tho 
5 scroonphono to tho sorvor as part of tho en-lino 
transaction. To complete the electronic check, the 
scroonphono would enable the electronic checkbook 200 
using the payer's PIN 204, the electronic checkbook would 
sign the electronic check, and the screenphone would send 
10 the signature to the server. The server would verify the 
signature and assemble the completed and valid electronic 
check for mailing to the payee 14. 

The PCMCIA card prefixes each electronic check 
with its serial number, which is imbedded in the 
15 processor of the card during its manufacture. This 
number helps determine whether the electronic check was 
signed by a legitimate electronic checkbook in case of 
fraud investigations. The PCMCIA card also automatically 
increments the numbers of the electronic checks, since 
20 the check numbers for each PCMCIA card will be sequential 
and since each PCMCIA card will have its own public 
signature key, every check will be unique. 

Another feature of the PCMCIA card is the use of a 
secure hash algorithm (SEA) , such as an NIST Secure Hash 
25 Algorithm, with respect to documents or information 

associated with or attached to an electronic check. This 
feature "seals" the associated information and binds it 
to the signed electronic check. The payee can then 
verify that the associated information belongs with the 
30 electronic check and has not been changed after the 
electronic check was signed. 

The only function which must be performed by the 
PCMCIA card is creating the signature, since the payor's 
private signature key can never be allowed to leave the 
35 PCMCIA card, for security reasons. However, better 
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security is achieved if the SHA of the slsctronic check 
is also performed by the PCMCIA card, so that the PCMCIA 
can bs sure that ths number, dat« f payss and aaount 
loggsd into ths PCMCIA card ars ths onss ussd in ths 

5 computation of ths SHA. 

Ths slsctronic chsckbook is issusd by ths bank 
that holds ths slsctronic checking account. Initialized 
slsctronic checkbooks may be sent to ths account holder, 
in which cass ths PIN should be ssnt separately for 

10 security reasons. Alternatively, uninitialized cards may 
bs distributed to bank branches. Ths bank officsr can 
than uss a trusted initialisation terminal and a spscial 
smart card idsntifying ths bank officer to established a 
secure connection to a csntralizsd CIS. The new card is 

15 inserted into ths terminal to bs initializsd. This 

method has ths advantage of making slsctronic checkbooks 
immediatsly available to new customers, accounts can be 
addsd to slsctronic checkbooks already being ussd by the 
customer, and certificates can bs refreshed prior to 

20 their expiration datss without issuing nsw slsctronic 
checkbooks. Ths bank, or its agent, is also acting as a 
certifying authority sines it is responsible for 
authenticating ths identity of ths slsctronic checkbook 
holder and for snsuring that ths slsctronic chsckbook and 

25 PIN ars dslivsrsd to ths correct person. Ths slsctronic 
check may also support correspondent banking 
relationships, and will allow another bank or approved 
third party to act as a stand-in processor for slsctronic 
checks for banks that ars unable to directly support the 

30 processing requirements for slsctronic checks. This will 
facilitats slsctronic check deployment in a secure way 
without affecting the traditional bank-customer 
relationship. 

Similar functions to those of the PCMCIA card can 

35 bs served by large seals cryptographic processors, such 
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as Atalla or Racal Guardata boxes, for largs opsxations 
vhsrs Individual signature cards -are impractical. For 
servers or mainf rames vhich issua or endorse a larga 
volume of checks, or vhich issua or andorsa chaclcs on 
5 bahalf of a number of account holders, tha processing and 
key storage capacities of signature cards may be 
exceeded. In this case, special cryptographic hardware 
Bust be used. 

Although the electronic check's primary use is to 
10 make electronic payments on public networks, it may be 
used in any situation where a paper check would be used. 
For example, banks will use electronic checks to gather 
electronic deposits from public network users, providing 
an opportunity for complete full service electronic 
15 remote banking anywhere the customer is connected. POS 
and ATM implementations are also possible. 

The electronic check also provides a generic model 
for all electronic, digitally signed and authenticated 
financial instruments. The check provides a well 
20 understood model for payment, and its electronic analog 
is necessary for electronic commerce, even if other forms 
of electronic payment exist. The electronic check will 
tie other forms of payment into the financial 
infrastructure, since checks end up involved at some 
25 point in most payment mechanisms. 

Through specification of user-defined attribute 
parameters and routing information, the electronic check, 
unlike a paper check, can be made to resemble other 
financial payments instruments. The flexibility of the 
30 parametric approach enables multiple electronic payments 
instruments to meet current needs, while providing for 
new financial instruments. The electronic check may 
embrace a wide variety of the debit and funds transfer 
functions found in today's banking, as well as other 
35 functions yet to be introduced. The provision of new 
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parameters would enable a variety of simple and compound 
transactions, such as cashier's and certified chocks, 
drafts on a savings account or linos of crsdit, 
travalar's cheeks, cradit card dabits or cradits, foraign 
5 or multi-currancy drafts, and "split" or "limit" chocks 
that may be andorsad "up to" a pradafinad limit. These 
possible instruments will present new processing options. 
Tor example, an electronic check may be made out such 
that it is valid up to a certain amount, e.g., for a 

10 hotel room deposit. When endorsed, the electronic check 
can then be endorsed for the actual amount of the 
expense, up to the previously defined limit. Other 
examples may include letters of credit, loan agreements 
and loan applications. In some cases, changing the 

15 instrument type may change the conceptual flow, or 

routing information; in other cases, the flow may remain 
unchanged. 

For example, as seen in Fig. 11, a certified 
electronic check involves a payer 12 creating an 

20 electronic check in the usual manner as described above. 
Certified checks are endorsed and cashed similar to 
normal checks, except that the payee 14 is guaranteed 
that the funds are available. The payer 12 e-mails the 
electronic check to the payer's bank 36 for 

25 certification. The bank may require the use of privacy 
enhanced mail or an equivalent to ensure the identity of 
the payer and that the communication with the payer is 
confidential. The bank will then append a certifying 
signature to the check and e-mail it back to the payer. 

30 Upon receipt of the certified electronic check, the payee 
can verify the bank's certification signature as part of 
the validation of the check. 

As seen in Figs. 12-15, there are multiple 
scenarios for the functional flow of electronic checks. 

35 in the "deposit and clear" scenario (Fig. 12) , the payer 
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12 receives a bill or invoice from the payee, issues an 
electronic check, and sends it to the payee. The payee 
14 endorses the electronic check and presents it to his 
bank 46 which, in turn, will settle it with the payer's 
5 bank 36. This is the usual format, as described in 

detail above. In the "cash and transfer" or "Z" scenario 
(Pig. 13) , the payer 12 receives a bill or invoice from 
the payee, issues an electronic check, and sends it to 
the payee. The payee 14 endorses the electronic check 
10 and presents it directly to the payer's bank 36, which 
sends payment to the payee's account at his bank 46. For 
the "lockbox" scenario (Pig. 14) , the payer 12 receives a 
bill or invoice from the payee 14, issues an electronic 
check, and sends it to the payee's bank 46, either 
15 directly or via a lockbox 260 or other secure 

intermediary. The payee's bank 46 then sends accounts 
receivable information to the payee and clears the 
payment with the payer's bank 36. In this scenario, 
there may be no payee endorsement. Finally, in the 
20 "funds transfer" scenario (Pig. 15) , the payer 12 
receives a bill or invoice from his bank 36 (assuming 
electronic bill presentment allows for capture of the 
payee's bills by the payer's bank) , issues an electronic 
check, and sends it to his bank. The payer's bank 36, in 
25 turn, transfers funds to the payee's account at the 

payee's bank 46, which sends a record of the transaction 
to the payee 14 with accounts receivable information. 

It is clear that electronic checks can be used 
directly between individual parties, or through third 
30 party service providers. Electronic checks can be 
exchanged consumer to consumer, consumer to business, 
business to consumer, and business to business. If the 
payer is a business, then the requirements for signing 
and logging capacity in the electronic checkbook may be 
35 greater due to volume requirements. 
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The format* of an electronic check and the entire 
electronic check systea will be uniform, so that the 
alactronic check systea aay ba intarconnactad and usad in 
conjunction with standard Application Programing 
5 Zntarfacas (API's) , such as standard alactronic chackbook 
intarfaoas and alactronic check display intarfaeas. 
API's apply on tha laval of individual chack prooassing 
as wall as intagration of tha antira ays tarn. For 
example, tha C languaga aay ba usad to dafina an 

10 alactronic chack with fiald such as tha data, tha amount 
and tha payaa. Also, tha Intamat World Wide Web brovsar 
intaracts with tha alactronic chackbook using an API to 
craata tha complete alactronic chack. Tha alactronic 
chack API's do not changa, so that tha systaa aay ba 

15 interfaced with any systaa by rewriting tha particular 
systaa API and tha link to tha alactronic chack systaa. 

For axaapla, as ssan in Fig. 16, an alactronic 
chackbook 200 sands an alactronic chack over tha network 
65 after interfacing with a driver 201 at a connector 

20 interface 205. The driver 201 works under a driver API 
203, which is connected to the signer's application 
software 207. Through a aail API 209, tha coapleted 
electronic check is sent over the network 65. 

The electronic check systea aay be considered a 

25 aodule which provides services to other aodules and to 
API's. The flow of an electronic check through the 
systea is governed by a series of protocols. The API's 
provide electronic check services to user interface 
applications, to financial applications such as bill 

30 payment, and to third party applications. The nodular 
design of electronic checks also peraits separation of 
the cryptographic functions from the applications which 
write and endorse checks, both physically and logically, 
to facilitate application of tha cryptographic 
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infrastructure to ■•cur* other financial instruments or 
documents; i.e., two cards may be us ad. 

Tha fiva primary applications and API's naadad for 
tha alactronic check system are management, check 
5 writing, check acceptance and endorsement, check clearing 
and reconciliation. Management functions allow for card 
issuance, inactivation, reactivation, and signature key 
management functions. Check writing is assumed to be 
performed by the payer, acceptance and endorsement by a 
10 payee, clearing by the banks, and reconciliation by the 
payer. Most users and organization will assume the roles 
of both payer and payee, but at different times. 

There is a base set of supporting modules. These 
base modules provide for the creation, destruction, and 
15 manipulation of a parameterized electronic financial 

instrument (the electronic check) , the interpretation of 
such instruments as electronic checks, the generation and 
verification of digital signatures on the payment 
instruments, and tha interaction with electronic 
20 checkbook hardware devices. 

API functions for supporting the application needs 
described include a "write" function, for creating an 
electronic check, binding it to an attached document (if 
present) and signing the electronic check; a "co-sign" 
25 function, for appending a second signature to the 
electronic check; a "verify" function, for verifying 
signatures on a check and validating the binding to an 
associated document (if present) ; an "endorse" function, 
for verifying signatures on the check, and if valid, 
30 appending an endorsement and signing tha check to be 
deposited or cashed; a "register read" function, for 
reading the contents of the check register contained in 
the electronic checkbook; and a "register entry" 
function, for appending an entry to the check register. 
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Por example, an electronic check can be attached 
to electronic remittance information provided by a remote 
payee. This enables the payaent to be made, routed 
correctly and automatically posted to both parties' 
5 accounting systems. Integration with micropayment 

accounting systems for high volume, small value financial 
transactions will enable those systems to settle accounts 
using an electronic checks. The standardisation of the 
electronic checkbook interfaces and the API's to access 

10 electronic checkbook functions simplifies integration 
with a variety of home and small business accounting and 
communications software packages. By defining the layout 
of the electronic check, the information it contains 
(e.g., account number and amount) can be readily 

15 extracted from the electronic check and used in other 
applications through the API's. 

Additional API functions are used to process 
ancillary electronic messages such as acknowledgment of 
deposit, returned checks, and electronic statements. The 

20 parametric financial instrument approach allows reuse of 
the cryptographic infrastructure, especially the verify 
function, to safeguard the integrity of these messages. 
Por instance, the verify function can be used by the 
payee to verify the signature of the payer, as well as by 

25 the payee's bank and the payer's bank to verify check 
signatures and endorsements prior to further processing 
to cash or clear the electronic check. 

The API functions will be implemented by a 
combination of software operating in the user's personal 

30 computer and in the electronic checkbook hardware. In 
the case of a PC Card, using the PCMCIA interface and 
standard Card and Socket Services, most of the functions 
may be implemented on the PC Card since it can support 
substantial processing, memory and interface bit rate. 

35 This approach maximises the portability of electronic 
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checking information because the electronic checkbook 
register function is physically coupled to the signature 

function. 

The electronic check functions in an environment 
5 of programmatic tools, including interacting API's, 

modules and protocols. As seen in Fig. 17, an electronic 
check is generated at the payer's workstation using 
signature card API's 300 and electronic checkbook API's 
302. The electronic check is transmitted by the payee 
using electronic mail and transport API's 304. The 
payee's workstation also receives the electronic check 
through its electronic mail and transport API's 306. The 
electronic check is integrated into the software of the 
payee's workstation using an electronic check translator 
module and is acted upon by the software in application 
modules 308. The electronic check modules 310 include 
extraction of the check from the transmission, electronic 
check validation, and extraction of the remittance 
originally sent from the payee to the payer. After 
applying endorsement API's 312 to endorse the electronic 
check, the payee's workstation transmits the endorsed 
electronic check to the payee's bank for deposit using 
its electronic mail and transport API's 306. 

The payee's bank receives the endorsed electronic 
check via its electronic mail and transport API's 314 
according to a defined transport and deposit protocol 
316. The modules applied by the payee's bank include an 
electronic-check translator 318, electronic check 
validation and application integration modules 320. 
After interbank clearing, the electronic check with the 
payee bank's endorsement is sent electronically to the 
payer's bank, which receives the processed electronic 
check through its electronic mail and transport API's 
322. The payer's bank also has modules such as an 
electronic check translator 324, and electronic check 
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validation and application integration modules 326. The 
electronic check infraetructure ia governed by a computer 
at tha payer 'a bank or ita aganta which containa 
protocola 328 for tha key server, public kaya and the 
5 CRL. 

Tha alactronic processing scheme may alao be 
applied to "exceptional" caaea, auch aa electronic checks 
returned due to insufficient funds in the payer 'a 
account. Since exceptiona procaaaing providea for 

10 dealing with a problem in the normal flow of the 

electronic check through the system, the conventional 
paper check procedure say be necessary, although aspecta 
of the electronic procedure may be used aa support for 
more expedited exceptions processing. 

15 Solutions to the problem of potential fraudulent 

usage of electronic checks muat be built into the system 
at each stage of the procaaaing of an electronic check to 
ensure the integrity of the entire system. 

The security measures discussed above will 

20 eliminate moat of the causes of losses due to bad checks, 
including forgery, alteration, duplication, and 
fraudulent depositing. Forgery is prevented by ensuring 
that digital signature keys are stored in secure hardware 
devicea and through appropriate controls over the 

25 validity of electronic check certificates. Alteration is 
prevented by the application of digital signaturea to the 
electronic check and through the use of the SHA function 
which creates a unique digest of the electronic document. 
Duplication ia a somewhat more difficult problem 

30 to prevent, since by its very nature an all-electronic 
document can be eaaily reproduced. Although each of the 
payee, the payee's bank and the payor's bank verifies 
that there ia no recent duplicate check, the problem of 
duplication ia addressed in several additional waya. 

35 First, electronic checks must be dated and will expire 
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more rapidly than papar checks. Sacond, alaetronlo chack 
certificates will also expire, preventing their uaa after 
a glvan time pariod. This anauraa that tha accounts ara 
periodically refreshed, and that tha bank has an 
5 opportunity to ensure tha integrity of tha secure key 
storage device. Third, the issuer bank keeps an archive 
of electronic checks which have been presented 
previously, in addition, an "active" check file will be 
used against which checks can be matched. This file need 
10 only store the checks for valid dates, as mentioned 
above, and tha electronic check serial nuaber and hash 
information to identify a duplicate. Also, the payer may 
send check details such as the check number, date, 
signature, payee and amount to the payer's bank at the 
15 same time aa the electronic check is sent so that the 
issuer's bank can maintain a file of used electronic 
checks. This file can be used to determine if a 
duplicate electronic check was issued and paid by the 
payer's bank. The combination of these efforts should 
20 effectively minimise the risk of a duplicate electronic 
check successfully flowing through the payments system. 

Fraudulent depositing is another significant 
issue, since electronic checks which are sent unencrypted 
could conceivably be deposited or "cashed" by someone 
25 other than the intended recipient. The electronic check 
provides for application of the intended recipient's 
cryptographic keys to minimize this problem. 

In the event that an electronic checkbook is 
compromised, e.g., lost, stolen, or repudiated by e 
30 customer, then the certificates for that electronic 
checkbook can be revoked. 

Ensuring the confidentiality of critical customer 
information is a priority for any network payments 
instrument. To this end, the electronic check need not 
35 contain existing checking account numbers which could be 
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intercepted and than uaed to commit fraud by papar 
checks. Digital account nuabara may be linked with non- 
alaetronie account nuabara ao that both typaa of 
tranaactiona may take placa with raapact to tha same 
5 account. Encryption of an alactronic chaclc ia not 
raquirad to prevent fraud dua to tha uaa of privata key 
cryptographic aignaturaa. Howavar, alactronic chadca and 
othar parameterized payment instrunants Bay ba encrypted, 
vhara poaaibla, during tranemiaaion batvaan partiaa to 

10 anaura confidantiality. 

Tamper-resistance of tha PCMCIA card ia alao 
naadad to tha axtant nacaaaary to make it economically 
unattractive for attackers to ataal aignatura cards, 
extract tha privata kay, and paaa bad chacka using tha 

15 privata aignatura kay bafora tha card ia reported atolen 
and disabled. Any attempt to extract tha privata 
aignatura kay should raault in avidant alteration of the 
card and should taka at laaat a faw daya to succeed. 
Howavar, an extremely high degree of tamper-proofing ia 

20 not necessary, since the card only containa private 
information for one or several accounts (rather than 
system level secrets) and since the card holder has an 
incentive to report theft or tampering (rather than to 
extract a secret to uaa for fraud or counterfeiting) . 

25 Moat importantly, the account and bank 

certificates can have expiration dataa in order to limit 
the time during which electronic checka can ba written. 
An account may be closed prior to the expiration of the 
account certificate for other security reasons, 

30 preventing verifiers from knowing that the aignatura on 
the electronic check ia good until it clears. If the 
account ia cloaad, ita associated certificates are 
revoked. This ia no different from the current situation 
in which someone continues to write chacka using check 

35 blanks from a cloaad account. Tha rapid clearing of 
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electronic checks vill deter this behavior, and banks can 
offer automated check verification services which verify 
signatures, account status and funds availability. 

Other embodiments are within the scope of the 
5 following claims. 
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1. A computer-based method comprising 
creating an electronic instrument for affecting a 
transfer of funds from an account of a payer in a funds- 
holding institution to a payee, the instrument including 
5 an electronic signature of the payer, and 

appending, to the electronic instrument, digital 
representations of a verifiable certificate by the 
institution of the authenticity of the account or the 
account holder. 

10 2. A computer-based method comprising 

effecting a transfer of funds from an account of a 
payer in a funds-holding institution to a payee in 
accordance with instructions of the payer, by 

creating an electronic instrument which includes 
15 digital representations of (a) the instructions, (b) the 
identity of the payer, (c) the identity of the payee, and 
(d) the identity of the funds-holding institution, 

including with the electronic instrument, digital 
representations of (a) a verifiable signature of the 
20 payer, and (b) a verifiable certificate of the 

authenticity of the payer and of a public signature 
verification key of the payer, 

electronically delivering the electronic 
instrument to the institution at least in part via a 
25 publicly accessible data communication medium, and 

at the institution, verifying the signature of the 
payer and the certificate in connection with transmitting 
the funds to the payee. 

3. The method of claim 2 further comprising 
30 including an account number in the electronic 

instrument. 
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4. The method of claim 1 in which the account 
comprises a deposit account in the institution* 



5. Tha method of claim l in which the account 
comprises a credit account in the institution. 

5 6. The method of claim 1 in which the electronic 

instrument comprises an electronic substitute for a 
check. 

7. The method of claim 1 in which the electronic 
instrument comprises an electronic substitute for a 

10 credit card transaction slip. 

8. The method of claim 1 in which the publicly 
accessible data communication medium is unsecured. 

9. The method of claim 1 in which the institution 
comprises a bank. 

15 10. The method of claim 1 further comprising 

appending to the electronic instrument, digital 
representations of a verifiable signature of the payee. 

11. The method of claim 1 further comprising 
appending to the electronic instrument, digital 

20 representations of a verifiable certificate by an 
institution which holds an account of the payee. 

12. The method of claim 11 further comprising 
appending to the electronic instrument, digital 

representations of a verifiable certificate by a central 
25 banking authority with respect to the institution which 
holds the payee's account. 
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13. The method of claim l further comprising 
delivering the electronic instrument in part via a 

private controlled secure communication medium. 

14. The method of claim 1 further comprising 

5 delivering the electronic instrument to the payee 

at least in part via a publicly accessible data 
communication medium. 

15. The method of claim 1 further comprising 
delivering the electronic instrument to an 

10 institution which holds an account of the payee at least 
in part via a publicly accessible data communication 
medium. 

16. The method of claim 1 further comprising 
delivering the electronic instrument from an 

15 institution which holds an account of the payee to the 
funds-holding institution via an electronic clearing 
house. 

17. The method of claim 1 further comprising 

at the payee, verifying the signature of the payer 
20 and the certificate of the institution. 

18. The method of claim 1 further comprising 

at an institution holding an account of the payee, 
verifying the signature of the payer and the certificate 
of the funds-holding institution. 

25 19. The method of claim 1 in which the signature 

is generated by public key cryptography. 

20. The method of claim 1 in which the appending 
step is done by a separate signature device from the 
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device which perform* the creation of the electronic 
instrument. 

21. The method of claim 1 in which the electronic 
instrument comprises an electronic substitute for a 

5 traveler's check. 

22. The method of claim 1 in which the electronic 
instrument comprises an electronic substitute for a 
certified check. 

23. The method of claim 1 in which the electronic 
10 instrument comprises an electronic substitute for a 

cashier's check. 

24. The method of claim 1 further comprising 
delivering from the payee to the payer, at least 

in part via a publicly accessible communication medium, 
15 digital representations of (a) a proposed transaction, 
and (b) a verifiable signature of the payee. 

25. The method of claim l further comprising 
automatically transferring information from the 

electronic instrument to a computer-based accounting 
20 system that tracks accounts receivable or processes 
orders. 

26. The method of claim l further comprising 
maintaining a log of electronic instruments 

created. 

25 27. Apparatus comprising 

a token having a memory, a processor, and a port 
for communication with a computer, and in which 
the memory contains 
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a private encryption key associated with an 
account in a f unds-holding institution and which is 
usabla to append a sscurs, varifiabla signature to an 
•lactronic payment instrument drafted on tha account. 

5 28. Tha apparatus of claia 27 in which tha aeaory 

also contains cartif ication information provided by the 
institution and which is usable to append secure, 
verifiable certificates to electronic payment instruments 
to certify a relationship between an owner of the 
10 signature and a public key of the owner. 

29. The apparatus of claim 27 further comprising 
means for assigning a unique identifier to each 

electronic payment instrument. 

30. The apparatus of claia 27 in which the 
15 portable token comprises a PCMCIA compatible card. 

31. The apparatus of claim 27 in which the 
portable token comprises a smart card. 

32. The apparatus of claim 27 in which the token 
comprises an add-in computer board or a black box crypto- 

20 processor. 

33. The apparatus of claim 27 in which the 
certification information has a limited useful life. 

34. The apparatus of claim 27 in which the memory 
also contains certification information provided by a 

25 central banking authority and which is usable to append 
secure, verifiable certificates to electronic payment 
instruments to certify the authenticity of the funds- 
holding institution. 
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35. The apparatus of claia 34 in vhich the 
certification information provided by the central banking 
authority has a limited useful life. 

36. The apparatus of claia 34 in vhich the 
5 central banking authority comprises a United States 

federal reserve bank. 

37. The apparatus of claia 27 in vhich the memory 
also contains a register of electronic payment 
instruments to vhich signatures have been appended. 

10 38. The apparatus of claia 27 in vhich the 

appended signature comprises a signature of a payer vho 

holds the account in the institution. 

39. The apparatus of claim 27 in vhich the 
appended signature coaprises an endorseaent signature of 

15 a payee. 

40. The apparatus of claim 27 in vhich the aeaory 
also contains a personal identification number for 
controlling access to the aeaory. 

41. A computer-based method of creating an 
20 electronic payment instrument comprising 

forming digital payment data vhich represents the 
identity of the payer, the identity of the payee, and the 
amount to be paid, 

in a secure hardvare token, appending a digital 
25 signature to the data. 

42. A computer-based method of endorsing a 
payment instrument comprising 
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entering information included in the payment 
instrument in digital form into a secure hardware token, 
and 

in tha token, appending a digital signature to the 
5 digital information. 

43. A computer-based method for regulating uae of 
account numbers with respect to accounts in a funds- 
holding institution, comprising 

assigning digital account numbers for use by 
10 account holders in creating electronic instruments, the 
digital account numbers being distinct from non- 
electronic account numbers used by account holders with 
respect to non-electronic instruments, 

at the fund-holding institution, accepting 
15 electronic instruments from account holders only if the 
electronic instruments include one of the digital account 
numbers. 

44. The method of claim 43 in which each digital 
account number is linked with a non-electronic account 

20 number, and the two numbers are linked with a common 
account in the institution, so that electronic 
instruments and non-electronic instruments may be drawn 
against the same account. 

45. A computer-based method of attaching a 
25 document to a related electronic payment instrument 

comprising, 

forming a cryptographic hash of the document, and 
appending the hash to the electronic payment 
instrument. 
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46 • A computer-based method for reducing fraud 
with respect to deposit of an electronic instrument with 
a funds-holding institution, comprising 

including with the electronic instrument a key- 
5 encrypted signature of the payee and a public key of the 
payee, and 

at the institution, automatically checking the 
routing code and the account number before accepting the 
electronic instrument* 

10 47. A computer-based method for reducing fraud 

associated with an electronic payment instrument 
comprising 

appending to the electronic payment instrument a 
cryptographic signature associated with a party to the 
15 instrument, and 

upon receipt of the electronic payment instrument, 
automatically checking the cryptographic signature 
against cryptographic signature information of other 
electronic payment instruments previously received. 

20 48. A computer-based method for use with an 

electronic payment instrument comprising 

including in the electronic payment instrument, a 
serial number, a payment amount, a payer, a payee, and a 
date, 

25 transmitting the electronic payment instrument via 

a communication network from an inquiring party to a 
funds-holding institution having an account associated 
with the payer, 

at the funds-holding institution determining 

30 whether another electronic payment instrument having the 
same payer and the same serial number had previously been 
issued, 
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electronically advising the inquiring party based 
on the determination. 

49. A computer-baaed method for usa with an 
electronic payaant instrument comprising 
5 printing a paper version of the electronic payment 

instrument with digital signatures and digital 
certificates, 

passing tha paper version through the check 
clearing system to an issuing bank, 
10 at the issuing bank, scanning the paper version to 

derive a digital veraion, and 

at the issuing bank electronically verifying the 
electronic version based on the signatures and the 
certificates. 

15 50. Apparatus for maintaining bank account 

information electronically comprising 

a portable token holding information for enabling 

a user to add signatures and certifications to an 

electronic banking instrument drawn on the account, and 
20 a aeparate portable token holding a register of 

transactions associated with the account. 

51. The apparatus of claim 50 in which the 
separate portable token comprises a PCMCIA card or a 
smart disk. 

25 52. A method for regulating the use of an 

electronic financial document comprising 

including with the document an electronic 
signature and an electronic certification of the 
validity of an account to which the document relates. 
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accepting tha alactronic financial docuaant as 
valid only if tha signature and cartif ication ara 
alactronieally datarainad to ba valid. 
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